﻿using Models;
using System;
using System.Linq;


public partial class login : System.Web.UI.Page
    {
    public string mimg ="", mname="";
    protected void Page_Load(object sender, EventArgs e)
        {
      
            var sysset = new SysSet().loadCacheConfig(Utils.GetMapPath("~/App_Data/WebSet.config"));
            //  
            mimg = sysset.WaterFont.ToString();
            mname= sysset.WebName.ToString();


    }


    protected void LoginBUT_Click(object sender, EventArgs e)
    {
        string UserName = txtUserName.Text.Trim();
        string UserPwd = Base64.Base64Decode(txtUserPwd.Text.Trim());

        if (UserName.Equals("") || UserPwd.Equals("") || TextCode.Equals(""))
        {
            lbMsg.Text = "请输入您要登录用户名,密码,以及验证码";
        }
        else
        {
            if (Session["CheckCode"] == null || Session["CheckCode"].ToString() == String.Empty)
            {
                lbMsg.Text = "验证码过期，请刷新!";
                return;
            }

            if (SqlFilter2(UserName)|| SqlFilter2(TextCode.Text.ToString()))
            {

                lbMsg.Text = "非法字符!";
                new AdminBase().SaveLogs(UserName, "[用户登录]状态：登入失败，非法字符！"+ UserName+ TextCode.Text.ToString());
                return;
            }

            if (TextCode.Text.ToString().Trim() != Session["CheckCode"].ToString())
            {
                lbMsg.Text = "用户登入失败，验证码不正确!";
                new AdminBase().SaveLogs(UserName, "[用户登录]状态：登入失败，验证码不正确！");
                return;
            }
            else
            {
                if (Session["AdminLoginSun"] == null)
                {
                    Session["AdminLoginSun"] = 1;
                }
                else
                {
                    Session["AdminLoginSun"] = Convert.ToInt32(Session["AdminLoginSun"]) + 1;
                }
                //判断登录
                if (Session["AdminLoginSun"] != null && Convert.ToInt32(Session["AdminLoginSun"]) > 3)
                {
                    lbMsg.Text = "登录错误超过3次，请关闭浏览器重新登录。";
                }

                else if (new AdminBase().bllchkAdminLogin(UserName, DESEncrypt.Encrypt(UserPwd)))
                {

                    //保存日志
                    new AdminBase().SaveLogs(UserName, "[用户登录]状态：登录成功！");

                    Response.Redirect("index.aspx");
                }
                else
                {
                    lbMsg.Text = "您输入的用户名或密码不正确";
                    //保存日志
                    new AdminBase().SaveLogs(UserName, "[用户登录] 状态：登录失败！");

                }

            }
        }

    }

    public static bool SqlFilter2(string InText)
    {
        string word = "&|<|form|>|'|*|\n|?|select|insert|update|delete|create|drop|delcare";
        if (InText == null)
            return false;
        foreach (string i in word.Split('|'))
        {
            if ((InText.ToLower().IndexOf(i) > -1) || (InText.ToLower().IndexOf(" " + i) > -1))
            {
                return true;
            }
        }
        return false;
    }




}
